CVE-2024-24621 Vulnerability Details

  /     /     /  

CVE-2024-24621 Metadata Quick Info

CVE Published: 25/07/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: XI | Vendor: Softaculous | Product: Webuzo
Status : PUBLISHED

CVE-2024-24621 Description

Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user.

Metrics

CVSS Version: 3.1 | Base Score: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-697
CWE Name: CWE-697 Incorrect Comparison
Source: Softaculous

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-115
CAPEC Description: CAPEC-115 Authentication Bypass


Source: NVD (National Vulnerability Database).